Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows recovery entfernt aber die Ordner sind noch durchsichtig (https://www.trojaner-board.de/99504-windows-recovery-entfernt-ordner-noch-durchsichtig.html)

cosinus 26.05.2011 21:20
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Manumaschine 27.05.2011 20:24
GMER Logfile:
Code:
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-27 21:23:34
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3160023AS rev.3.00
Running: bnlo5wno.exe; Driver: C:\DOKUME~1\Manu\LOKALE~1\Temp\awlirpod.sys


---- System - GMER 1.0.15 ----

SSDT  F7AAA0C6                                  ZwCreateKey
SSDT  F7AAA0BC                                  ZwCreateThread
SSDT  F7AAA0CB                                  ZwDeleteKey
SSDT  F7AAA0D5                                  ZwDeleteValueKey
SSDT  F7AAA0DA                                  ZwLoadKey
SSDT  F7AAA0A8                                  ZwOpenProcess
SSDT  F7AAA0AD                                  ZwOpenThread
SSDT  F7AAA0E4                                  ZwReplaceKey
SSDT  F7AAA0DF                                  ZwRestoreKey
SSDT  F7AAA0D0                                  ZwSetValueKey
SSDT  F7AAA0B7                                  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\system32\DRIVERS\ati2mtag.sys  section is writeable [0xB95AF000, 0x1C5D58, 0xE8000020]

---- EOF - GMER 1.0.15 ----
--- --- ---

Manumaschine 28.05.2011 09:43
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:42:39 on 28.05.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"RealUpgradeLogonTaskS-1-5-21-823518204-1390067357-725345543-1005.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"RealUpgradeLogonTaskS-1-5-21-823518204-1390067357-725345543-1009.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"RealUpgradeLogonTaskS-1-5-21-823518204-1390067357-725345543-1010.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"RealUpgradeLogonTaskS-1-5-21-823518204-1390067357-725345543-1011.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"RealUpgradeScheduledTaskS-1-5-21-823518204-1390067357-725345543-1005.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"RealUpgradeScheduledTaskS-1-5-21-823518204-1390067357-725345543-1009.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"RealUpgradeScheduledTaskS-1-5-21-823518204-1390067357-725345543-1010.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"RealUpgradeScheduledTaskS-1-5-21-823518204-1390067357-725345543-1011.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ALSNDMGR.CPL" - "Realtek Semiconductor Corp." - C:\WINDOWS\system32\ALSNDMGR.CPL
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"RTSndMgr.CPL" - "Realtek Semiconductor Corp." - C:\WINDOWS\system32\RTSndMgr.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"lgLcdCpl" - "Logitech Inc." - C:\Programme\Logitech\G-series Software\LgLcdCpl.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"Logitech SetPoint HID Mouse Filter Driver" (LHidKe) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LHidKE.Sys
"Logitech SetPoint Mouse Filter Driver" (LMouKE) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LMouKE.Sys
"Logitech SetPoint USB Receiver device driver" (LHidUsbK) - "Logitech, Inc." - C:\WINDOWS\System32\Drivers\LHidUsbK.Sys
"Nokia USB Flashing Generic" (nmwcdnsuc) - ? - C:\WINDOWS\System32\drivers\nmwcdnsuc.sys  (File not found)
"Nokia USB Flashing Phone Parent" (nmwcdnsu) - ? - C:\WINDOWS\System32\drivers\nmwcdnsu.sys  (File not found)
"Nokia USB Generic" (nmwcdc) - ? - C:\WINDOWS\System32\drivers\ccdcmbo.sys  (File not found)
"Nokia USB Phone Parent" (nmwcd) - ? - C:\WINDOWS\System32\drivers\ccdcmb.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Realtek 10/100/1000 NIC Family all in one NDIS XP Driver" (RTL8023xp) - "Realtek Semiconductor Corporation                          " - C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys
"Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - "Realtek Semiconductor Corp." - C:\WINDOWS\System32\drivers\RtkHDAud.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"upperdev" (upperdev) - ? - C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys  (File not found)
"UsbserFilt" (UsbserFilt) - ? - C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} "Versions-Update für Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ieudinit.exe
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{9462A756-7B47-47BC-8C80-C34B9B80B32B} "BackWeb GA Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79bbd618-79c1-411f-b912-d59d1e577aa0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{79BBD618-79C1-411F-B912-D59D1E577AA0} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc.                        " - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\programme\real\realplayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ7.5" - "ICQ, LLC." - C:\Programme\ICQ7.5\ICQ.exe
"PokerStars" - "PokerStars" - C:\Programme\PokerStars\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Manu\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LDM" - "Logitech" - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AlcWzrd" - "RealTek Semicoductor Corp." - ALCWZRD.EXE
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"C-Media Echo Control" - ? - C:\Programme\PCI Audio Applications\Bin\EchoCtrl.exe
"Launch LCDMon" - "Logitech Inc." - "C:\Programme\Logitech\G-series Software\LCDMon.exe"
"Launch LGDCore" - "Logitech Inc." - "C:\Programme\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
"Logitech Hardware Abstraction Layer" - "Logitech Inc." - KHALMNPR.EXE
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SoundMan" - "Realtek Semiconductor Corp." - SOUNDMAN.EXE
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJ Language Monitor MP150" - "CANON INC." - C:\WINDOWS\system32\CNMLM7K.DLL
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"PostgreSQL Database Server 8.3" (pgsql-8.3) - "PostgreSQL Global Development Group" - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Manumaschine 28.05.2011 09:45
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000007dd

Kernel Drivers (total 123):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80701000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A7000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7596000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7A4F000 PCIIde.sys
0xF7707000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF798B000 intelide.sys
0xF7627000 MountMgr.sys
0xF74D7000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF74BF000 atapi.sys
0xF7647000 disk.sys
0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF749F000 fltmgr.sys
0xF748D000 sr.sys
0xF7667000 PxHelp20.sys
0xF7860000 KSecDD.sys
0xF784D000 WudfPf.sys
0xF7B52000 Ntfs.sys
0xF795A000 NDIS.sys
0xF7833000 Mup.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB9EB9000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB958C000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB9578000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9550000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB952C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB9519000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
0xB94BE000 \SystemRoot\system32\drivers\cmaudio.sys
0xB949A000 \SystemRoot\system32\drivers\portcls.sys
0xF76C7000 \SystemRoot\system32\drivers\drmk.sys
0xB9477000 \SystemRoot\system32\drivers\ks.sys
0xF77FF000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA7FC000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7586000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7576000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA05D000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF79B1000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF7807000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7566000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA7F0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9460000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7556000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7546000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF780F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB944F000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7536000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7817000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF781F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7526000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7747000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7767000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF79B3000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB93F1000 \SystemRoot\system32\DRIVERS\update.sys
0xBA7E4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF74F6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAD0B0000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF747D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79B7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB995A000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xF7757000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF79CF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA133000 \SystemRoot\System32\Drivers\Null.SYS
0xF79D1000 \SystemRoot\System32\Drivers\Beep.SYS
0xF776F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7777000 \SystemRoot\System32\drivers\vga.sys
0xF79D3000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79D5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF777F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7787000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB994A000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xACF3D000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xACEE4000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xACEBE000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xACE96000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF744D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xACE74000 \SystemRoot\System32\drivers\afd.sys
0xF743D000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF742D000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF778F000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xACE49000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xACDD9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF741D000 \SystemRoot\System32\Drivers\Fips.SYS
0xACDBD000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF79D9000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF7877000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF77A7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xAD0A8000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB9F29000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xAD0A4000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAD09C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xACD7D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79F1000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xACF84000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77CF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7A6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF065000 \SystemRoot\System32\ati2cqag.dll
0xBF0FE000 \SystemRoot\System32\atikvmag.dll
0xBF182000 \SystemRoot\System32\atiok3x2.dll
0xBF1CD000 \SystemRoot\System32\ati3duag.dll
0xBF572000 \SystemRoot\System32\ativvaxx.dll
0xBF9C6000 \SystemRoot\System32\ATMFD.DLL
0xAAA15000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xAAA69000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAA585000 \SystemRoot\system32\DRIVERS\srv.sys
0xAA480000 \SystemRoot\system32\drivers\wdmaud.sys
0xAA63D000 \SystemRoot\system32\drivers\sysaudio.sys
0xA9B21000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 49):
0 System Idle Process
4 System
476 C:\WINDOWS\system32\smss.exe
596 csrss.exe
712 C:\WINDOWS\system32\winlogon.exe
832 C:\WINDOWS\system32\services.exe
844 C:\WINDOWS\system32\lsass.exe
1048 C:\WINDOWS\system32\ati2evxx.exe
1064 C:\WINDOWS\system32\svchost.exe
1128 svchost.exe
1204 C:\WINDOWS\system32\svchost.exe
1244 C:\WINDOWS\system32\svchost.exe
1312 C:\WINDOWS\system32\ati2evxx.exe
1420 svchost.exe
1516 svchost.exe
1612 C:\WINDOWS\system32\spoolsv.exe
1744 C:\Programme\Avira\AntiVir Desktop\sched.exe
1180 C:\Programme\Avira\AntiVir Desktop\avguard.exe
1280 C:\Programme\Java\jre6\bin\jqs.exe
1724 pg_ctl.exe
1904 C:\WINDOWS\system32\PnkBstrA.exe
1960 postgres.exe
152 C:\WINDOWS\explorer.exe
352 postgres.exe
512 postgres.exe
532 postgres.exe
552 C:\WINDOWS\system32\svchost.exe
568 postgres.exe
608 postgres.exe
1652 C:\WINDOWS\SOUNDMAN.EXE
1676 C:\WINDOWS\ALCWZRD.EXE
1732 C:\WINDOWS\mixer.exe
1768 C:\Programme\Logitech\G-series Software\LGDCore.exe
1796 C:\Programme\Logitech\G-series Software\LCDMon.exe
1848 C:\Programme\PCI Audio Applications\Bin\EchoCtrl.exe
1872 C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1940 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
1992 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
2056 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
2068 C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
2136 C:\WINDOWS\system32\ctfmon.exe
2164 C:\Programme\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
2220 C:\Programme\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
2228 C:\Programme\Logitech\G-series Software\Applets\LCDMedia.exe
2240 C:\Programme\Logitech\G-series Software\Applets\LCDClock.exe
2596 C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2888 alg.exe
3144 C:\Programme\Mozilla Firefox\firefox.exe
780 C:\Dokumente und Einstellungen\Manu\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3160023AS, Rev: 3.00

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

cosinus 28.05.2011 22:53
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Manumaschine 05.06.2011 18:47
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6776

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

05.06.2011 19:43:15
mbam-log-2011-06-05 (19-43-15).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 193541
Laufzeit: 4 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 05.06.2011 19:28
Zitat:
Art des Suchlaufs: Quick-Scan
Sry aber ich wollte einen Vollscan sehen...bitte nachholen und Log posten!
Denk dran vorher die Signaturen von Malwarebytes zu aktualisieren, da gibt es sehr häufig neue Updates!


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:49 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132